<?
require "include/bittorrent.php";
dbconn();

if (!empty($_COOKIE["ident"]))
	$dupe = get_row_count("users", "WHERE identhash = " . sqlesc($_COOKIE["ident"]));

$res = query("SELECT COUNT(*) FROM users") or sqlerr(__FILE__, __LINE__);
$arr = mysql_fetch_row($res);

if ($arr[0] >= $maxusers || $dupe)
	error("Sorry, user limit reached. Please try again later.");

if (!mkglobal("wantusername:wantpassword:passagain:email"))
	die();

function validusername($username)
{
	if ($username == "")
	  return false;

	// The following characters are allowed in user names
	$allowedchars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";

	for ($i = 0; $i < strlen($username); ++$i)
	  if (strpos($allowedchars, $username[$i]) === false)
	    return false;

	return true;
}

function isportopen($port)
{
	$sd = @fsockopen($_SERVER["REMOTE_ADDR"], $port, $errno, $errstr, 1);
	if ($sd)
	{
		fclose($sd);
		return true;
	}
	else
		return false;
}

/*
function isproxy()
{
	$ports = array(80, 88, 1075, 1080, 1180, 1182, 2282, 3128, 3332, 5490, 6588, 7033, 7441, 8000, 8080, 8085, 8090, 8095, 8100, 8105, 8110, 8888, 22788);
	for ($i = 0; $i < count($ports); ++$i)
		if (isportopen($ports[$i])) return true;
	return false;
}
*/

$gender = $_POST["gender"];
$residence = $_POST["residence"];

if (empty($wantusername) || empty($wantpassword) || empty($email) || empty($gender))
	error("Don't leave any fields blank.");

if (strlen($wantusername) > 12)
	error("Username is too long (max is 12 chars).");

if ($wantpassword != $passagain)
	error("The passwords didn't match! Must've typoed. Try again.");

if (strlen($wantpassword) < 6)
	error("Password is too short (min is 6 chars).");

if (strlen($wantpassword) > 40)
	error("Password is too long (max is 40 chars).");

if ($wantpassword == $wantusername)
	error("Password cannot be same as user name.");

if (!validemail($email))
	error("That doesn't look like a valid email address.");

if (!validusername($wantusername))
	error("Invalid username.");

// make sure user agrees to everything...
if ($_POST["verify"] != "yes")
	alert("Signup failed", "Sorry, you're not qualified to become a member of this site. You must agree to the terms.");

// check if email addy is already in use
$a = (@mysql_fetch_row(@query("select count(*) from users where email='$email'"))) or die(mysql_error());
if ($a[0] != 0)
  error("The e-mail address $email is already in use.");

/*
// do simple proxy check
if (isproxy())
	error("You appear to be connecting through a proxy server. Your organization or ISP may use a transparent caching HTTP proxy. Please try and access the site on <a href=http://torrentbits.org:81/signup.php>port 81</a> (this should bypass the proxy server). <p><b>Note:</b> if you run an Internet-accessible web server on the local machine you need to shut it down until the sign-up is complete.");
*/

$secret = mksecret();
$wantpasshash = md5($secret . $wantpassword . $secret);
$editsecret = (!$arr[0]?"":mksecret());

$ret = query("INSERT INTO users (username, passhash, secret, editsecret, email, gender, residence, status, ". (!$arr[0]?"class, ":"") ."added) VALUES (" .
		implode(",", array_map("sqlesc", array($wantusername, $wantpasshash, $secret, $editsecret, $email, $gender, $residence, (!$arr[0]?'confirmed':'pending')))).
		", ". (!$arr[0]?UC_SYSOP.", ":""). "'". get_date_time() ."')");

if (!$ret) {
	if (mysql_errno() == 1062)
		error("Username already exists!");
	error("Signup failed.");
}

$id = mysql_insert_id();

//write_log("User account $id ($wantusername) was created");

$psecret = md5($editsecret);

$body = <<<EOD
You have requested a new user account on $SITENAME and you have
specified this address ($email) as user contact.

If you did not do this, please ignore this email. The person who entered your
email address had the IP address {$_SERVER["REMOTE_ADDR"]}. Please do not reply.

To confirm your user registration, you have to follow this link:

$SITEURL/confirm.php?id=$id&secret=$psecret

After you do this, you will be able to use your new account. If you fail to
do this, you account will be deleted within a few days. We urge you to read
the RULES and FAQ before you start using $SITENAME.
EOD;

if($arr[0])
  mail($email, "$SITENAME user registration confirmation", $body, "From: $SITEEMAIL", "-f$SITEEMAIL");
else 
  logincookie($id, $wantpasshash);

header("Refresh: 0; url=ok.php?type=". (!$arr[0]?"sysop":("signup&email=" . urlencode($email))));

?>